Re: securing this workstation.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Apr 25, 2025 at 9:38 PM home user via users <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
(Fedora-42; stand-alone workstation)

This is a totally new Fedora install on a stand-alone workstation, done
today.  It is not a part of a LAN or WAN or any other home or office
network.

Please describe how the system is connected to the internet.  Does your system get an IPv4 address
or IPv6?

 
It is not dual-boot.
I do need for Firefox, Thunderbird, and dnf to be able to interact with
the "outside world" appropriately.  I do occasionally need to be able to
download or upload things.
Beyond those (and maybe other appropriate things that don't at the
moment come to mind), I do not want anyone or anything to be able to get
into this workstation.  For example, no "ssh", "scp", "rlogin".

I gather from the Fedora docs that I should use firewalld or
firewalld-config.  I have both.  But Fedora docs does not give me enough
detail.  I am not an IT professional.  What specifically should I do to
keep unwanted people and things out?

Many "home" internet connection hardware does network address translation (NAT) to a non-routable
Vendors support NAT because it allows one IPv4 address to be used by all the devices on each
customer network, but it also prevents external sites from connecting to the devices on the
customer network.  

With NAT, connections to external systems must be initiated from your system, but many web sites
use multiple external sites for elements of the page you see.  There is always a risk that one of these
sites has been hacked and is serving malware or stealing personal information.  Firefox on Fedora
includes some measures to block or mitigate such attacks.

--
George N. White III

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux